ansible-vault: handle utf-8 filename in vault (#50341)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
parent
6afa00eecd
commit
5c992fcc3f
5 changed files with 33 additions and 2 deletions
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
minor_changes:
|
||||
- Handle vault filename with UTF-8 while decrypting vault file using ansible-vault.
|
|
@ -737,7 +737,7 @@ class VaultLib:
|
|||
file_slug = ''
|
||||
if filename:
|
||||
file_slug = ' of "%s"' % filename
|
||||
display.vvvvv('Decrypt%s successful with secret=%s and vault_id=%s' % (to_text(file_slug), vault_secret, vault_secret_id))
|
||||
display.vvvvv(u'Decrypt%s successful with secret=%s and vault_id=%s' % (to_text(file_slug), vault_secret, vault_secret_id))
|
||||
break
|
||||
except AnsibleVaultFormatError as exc:
|
||||
msg = "There was a vault format error"
|
||||
|
|
|
@ -35,7 +35,7 @@ echo "This is a test file for edit3" > "${TEST_FILE_EDIT3}"
|
|||
# ansible-config view
|
||||
ansible-config view
|
||||
|
||||
# ansisle-config
|
||||
# ansible-config
|
||||
ansible-config dump --only-changed
|
||||
ansible-vault encrypt "$@" --vault-id vault-password "${TEST_FILE_EDIT3}"
|
||||
# EDITOR=./faux-editor.py ansible-vault edit "$@" "${TEST_FILE_EDIT3}"
|
||||
|
@ -266,6 +266,9 @@ echo "rc was $WRONG_RC (2 is expected)"
|
|||
|
||||
ansible-vault view "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" "${TEST_FILE}"
|
||||
|
||||
# view file with unicode in filename
|
||||
ansible-vault view "$@" --vault-password-file vault-password vault-café.yml
|
||||
|
||||
# view with old password file and new password file
|
||||
ansible-vault view "$@" --vault-password-file "${NEW_VAULT_PASSWORD}" --vault-password-file vault-password "${TEST_FILE}"
|
||||
|
||||
|
@ -487,3 +490,6 @@ ansible-playbook "$@" -i invalid_format/inventory --vault-id invalid_format/vaul
|
|||
|
||||
EXPECTED_ERROR='Vault format unhexlify error: Odd-length string'
|
||||
ansible-playbook "$@" -i invalid_format/inventory --vault-id invalid_format/vault-secret invalid_format/broken-group-vars-tasks.yml 2>&1 | grep "${EXPECTED_ERROR}"
|
||||
|
||||
# Run playbook with vault file with unicode in filename (https://github.com/ansible/ansible/issues/50316)
|
||||
ansible-playbook -i ../../inventory -v "$@" --vault-password-file vault-password test_utf8_value_in_filename.yml
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
- name: "Test that the vaulted file with UTF-8 in filename decrypts correctly"
|
||||
gather_facts: false
|
||||
hosts: testhost
|
||||
vars:
|
||||
expected: "my_secret"
|
||||
vars_files:
|
||||
- vault-café.yml
|
||||
tasks:
|
||||
- name: decrypt vaulted file with utf8 in filename and show it in debug
|
||||
debug:
|
||||
var: vault_string
|
||||
|
||||
- name: assert decrypted value matches expected
|
||||
assert:
|
||||
that:
|
||||
- "vault_string == expected"
|
6
test/integration/targets/vault/vault-café.yml
Normal file
6
test/integration/targets/vault/vault-café.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63363732353363646661643038636339343263303161346533393636336562336465396265373834
|
||||
6366313833613236356666646532613636303532366231340a316238666435306332656662613731
|
||||
31623433613434633539333564613564656439343661363831336364376266653462366161383038
|
||||
6530386533363933350a336631653833666663643166303932653261323431623333356539666265
|
||||
37316464303231366163333430346537353631376538393939646362313337363866
|
Loading…
Reference in a new issue